US8880771B2 · Active · Utility patent · PatentIndex 96

Method and apparatus for securing and segregating host to host messaging on PCIe fabric

Assignee: PLX TECHNOLOGY INC
Priority: Oct 25, 2012
Filed: Oct 25, 2012
Granted: Nov 4, 2014
Est. expiry: Oct 25, 2032 (~6.3 yrs left), nominal 20-yr term from priority
Inventors: SUBRAMANIYAN NAGARAJAN; REGULA JACK; DODSON JEFFREY MICHAEL
Classifications: G06F 21/85; G06F 13/4022; G06F 2213/0026; G06F 2221/2141; G06F 2213/4004; G06F 2221/2129; G06F 2221/2149
PatentIndex Score: 96 · Cited by: 66 · References: 18 · Claims: 23

Abstract

A PCIe fabric includes at least one PCIe switch. The fabric may be used to connect multiple hosts. The PCIe switch implements security and segregation measures for host-to-host message communication. A management entity defines a Virtual PCIe Fabric ID (VPFID). The VPFID is used to enforce security and segregation. The fabric ID may be extended to be used in switch fabrics with other point-to-point protocols.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A method of operating a switch fabric having a point-to-point network protocol, the method comprising:
receiving an input from a switch fabric administrator defining subnets;
generating a virtual fabric ID (VFID) for at least one defined subnet;
tagging packets of outgoing messages from at least one host with the virtual fabric ID; and
determining if an incoming message to at least one host has a tag matching the virtual fabric ID;
wherein receive processing for incoming messages is supported if the tag of the incoming message matches an approved virtual fabric ID and the message is dropped within the switch if the tag does not match the approved virtual fabric ID.

2. The method of claim 1, wherein the point-to-point protocol is PCI Express.

3. The method of claim 1, wherein said tagging is performed via vendor defined messaging.

4. The method of claim 1, wherein an error code is returned to a sender if the virtual fabric ID does not match.

5. The method of claim 1, wherein said determining includes checking every host-to-host packet coming out of a port and dropping the packet unless it has been tagged with a valid virtual fabric ID.

6. The method of claim 5, where said determining includes checking packets at each receiving port for a valid virtual fabric ID and dropping packets having invalid virtual fabric IDs.

7. The method of claim 1, wherein the switch fabric includes virtual Direct Memory Access (DMA) engine functions for each port, wherein said receiving comprises: receiving from a fabric administrator one or more settings defining a relationship between VFIDs and DMA functions.

8. The method of claim 7, wherein the settings include:
a single VFID/DMA function;
a multiple VFID mode on a per DMA function basis; and
a default setting having a single VFID and all DMA functions are set to this setting.

9. The method of claim 1, further comprising translating an Ethernet Virtual Local Area Network (VLAN) to a corresponding VFID to permit Ethernet VLAN to be run over the fabric switch.

10. The method of claim 1, further comprising generating at least one error message based at least in part on the tag not matching an approved VFID.

11. The method of claim 10, wherein the at least one error message comprises a security violation notification.

12. A method of operating a switch fabric having a point-to-point network protocol, the method comprising:
generating a table defining a virtual fabric ID (VFID) for at least one defined subnet;
tagging packets of outgoing messages from at least one host with the virtual fabric ID; and
determining if an incoming message to at least one host has a tag matching the virtual fabric ID;
wherein receive processing for incoming messages is supported if the tag matches the virtual fabric ID and the message is dropped within the switch if the tag does not match the virtual fabric ID.

13. The method of claim 12, wherein the point-to-point protocol is PCI Express.

14. The method of claim 12, wherein said tagging is performed via vendor defined messaging.

15. The method of claim 12, wherein an error code is returned to a sender if the virtual fabric ID does not match.

16. The method of claim 12, wherein said determining includes checking every host-to-host packet coming out of a port and dropped the packet unless it has been tagged with a valid virtual fabric ID.

17. The method of claim 16, where said determining includes checking at each receiving port for a valid virtual fabric ID and dropping packets having invalid tags.

18. The method of claim 12, wherein the switch fabric includes virtual Direct Memory Access (DMA) engine functions for each port, wherein said receiving comprises: receiving from a fabric administrator one or more settings, including setting a relationship between VFIDs and DMA functions.

19. The method of claim 18, wherein the settings include:
a single VFID/DMA function;
a multiple VFID mode on a per DMA function basis; and
a default setting having a single VFID and all DMA functions are set to this setting.

20. The method of claim 12, further comprising translating an Ethernet Virtual Local Area Network (VLAN) to a corresponding VFID to permit Ethernet VLAN to be run over the fabric switch.

21. The method of claim 12, further comprising generating at least one error message based at least in part on the tag not matching an approved VFID.

22. The method of claim 12, wherein the at least one error message comprises a security violation notification.

23. A PCI express switch in connection with a management system, wherein a memory in the management system stores a table of virtual fabric IDs to enforce security and segregation of host-to-host message flows for hosts coupled to the PCI express switch.
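The claims above describe an enforcement pipeline rather than a data format: an administrator defines subnets, each subnet gets a VFID held in a management table, a DMA function on the sending port tags each host-to-host message with a VFID it is bound to, the sending port drops anything that leaves untagged, and the receiving port drops anything whose tag is not in its approved set, returning an error code to the sender and raising a security violation notification. The following model is an added illustration of that pipeline in software; it is not code from the patent or from PLX. The class, method and error-code names, the numeric VFID values, and the policy that a host placed into its first subnet leaves the default VFID are all assumptions made for this example, and the hosts and VLAN in `demo()` are constructed sample input.

```python
"""Model of VFID-based host-to-host message segregation on a PCIe-style switch fabric.
Added illustration, not code from the patent or from PLX. Names, error codes and the
"first subnet replaces the default VFID" policy are assumptions chosen for this model."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

DEFAULT_VFID = 1        # claim 8: default setting, one VFID shared by all DMA functions
ERR_NONE = 0
ERR_TAG_REJECTED = 1    # DMA function is not bound to the requested VFID (claims 7-8)
ERR_EGRESS_DROP = 2     # packet left the port without a valid tag (claim 5)
ERR_VFID_MISMATCH = 3   # receiving port's approved VFIDs lack the tag (claims 4, 6)
ERR_UNKNOWN_VLAN = 4    # no VLAN -> VFID translation on record (claim 9)


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes
    vfid: Optional[int] = None  # tag carried in a vendor-defined message (claim 3)


class Fabric:
    """Switch plus the management entity that holds the VFID table (claims 12, 23)."""

    def __init__(self, hosts: List[str]) -> None:
        self.vfid_table: Dict[str, int] = {}  # subnet name -> VFID
        self.approved: Dict[str, Set[int]] = {h: {DEFAULT_VFID} for h in hosts}
        # host -> DMA function index -> VFIDs that function may tag with
        self.dma: Dict[str, Dict[int, Set[int]]] = {h: {0: {DEFAULT_VFID}} for h in hosts}
        self.vlan_to_vfid: Dict[int, int] = {}
        self.delivered: Dict[str, List[Packet]] = {h: [] for h in hosts}
        self.violations: List[tuple] = []  # security violation notifications (claim 11)
        self._next_vfid = DEFAULT_VFID + 1

    def define_subnet(self, name: str, hosts: List[str]) -> int:
        """Administrator input defining a subnet; allocates its VFID (claim 1)."""
        vfid = self._next_vfid
        self._next_vfid += 1
        self.vfid_table[name] = vfid
        for h in hosts:
            if self.approved[h] == {DEFAULT_VFID}:  # assumed: host leaves the default fabric
                self.approved[h] = {vfid}
                self.dma[h] = {0: {vfid}}  # single VFID per DMA function
            else:
                self.approved[h].add(vfid)  # multi-subnet host; rebind its DMA via set_dma
        return vfid

    def set_dma(self, host: str, fn: int, vfids: Set[int]) -> None:
        """VFID <-> DMA function relationship (claims 7-8); one VFID = single mode, several = multi."""
        if not vfids <= self.approved[host]:
            raise ValueError("DMA function may only be bound to VFIDs approved for its port")
        self.dma[host][fn] = set(vfids)

    def map_vlan(self, vlan: int, vfid: int) -> None:
        self.vlan_to_vfid[vlan] = vfid  # Ethernet VLAN -> VFID translation (claim 9)

    def send(self, src: str, dst: str, payload: bytes, fn: int = 0, vfid: Optional[int] = None) -> int:
        pkt = Packet(src, dst, payload)
        bound = self.dma[src].get(fn, set())
        if vfid is None and len(bound) == 1:
            vfid = next(iter(bound))  # single-VFID function tags implicitly
        if vfid in bound:
            pkt.vfid = vfid  # tagging by the DMA function (claims 3, 7)
        if pkt.vfid is None:
            return ERR_TAG_REJECTED
        # egress check (claim 5): every host-to-host packet leaving the port needs a valid tag
        if pkt.vfid not in self.approved[src]:
            return ERR_EGRESS_DROP
        # ingress check (claim 6): receiving port compares the tag with its approved VFIDs
        if pkt.vfid not in self.approved[dst]:
            self.violations.append((src, dst, pkt.vfid))  # dropped in the switch, notify admin
            return ERR_VFID_MISMATCH  # error code returned to the sender (claim 4)
        self.delivered[dst].append(pkt)
        return ERR_NONE

    def send_vlan(self, src: str, dst: str, vlan: int, payload: bytes) -> int:
        vfid = self.vlan_to_vfid.get(vlan)
        if vfid is None:
            return ERR_UNKNOWN_VLAN
        fn = next((i for i, s in self.dma[src].items() if vfid in s), 0)
        return self.send(src, dst, payload, fn=fn, vfid=vfid)


def demo() -> Dict[str, int]:
    """Constructed scenario: two tenants on one fabric plus a management host spanning both."""
    fab = Fabric(["h1", "h2", "h3", "mgmt"])
    a = fab.define_subnet("tenant-a", ["h1", "h2", "mgmt"])
    b = fab.define_subnet("tenant-b", ["h3", "mgmt"])
    fab.set_dma("mgmt", 0, {a, b})  # multi-VFID mode for the management port
    fab.map_vlan(100, a)  # Ethernet VLAN 100 rides on tenant-a's VFID
    return {
        "a_to_a": fab.send("h1", "h2", b"hello"),
        "a_to_b": fab.send("h1", "h3", b"cross-tenant"),
        "mgmt_untagged": fab.send("mgmt", "h3", b"x"),
        "mgmt_to_b": fab.send("mgmt", "h3", b"x", vfid=b),
        "spoof": fab.send("h1", "h3", b"x", vfid=b),
        "vlan100": fab.send_vlan("h2", "h1", 100, b"frame"),
        "vlan200": fab.send_vlan("h2", "h1", 200, b"frame"),
        "violations": len(fab.violations),
    }
```

Two points the model makes visible. First, a host cannot choose an arbitrary tag: the tag is applied by the DMA function the switch exposes to that port, and the function is bound only to VFIDs the administrator approved for the port, so `h1` asking for tenant-b's VFID is refused before the packet leaves. Second, because `set_dma` already rejects bindings outside the port's approved set, the egress check never fires in this model; the claims nonetheless place a check at both the sending and the receiving port, which is the usual defence-in-depth arrangement when the two checks live in different hardware stages. The error codes and the violation list stand in for whatever the real switch would return and log; the page does not specify those.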
